新的main框架,还需要进一步的协商调整

chenxinquan 2023-03-29 15:44:00 +08:00
parent b6d02cdac8
commit 8b29f58d45
10 changed files with 560 additions and 629 deletions


@ -1,31 +1,31 @@
ConfigFilePrefix: ../data/SystemPocs/
Type: system
ExplorerItems:
# - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
# - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
# - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
# - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
# - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
# - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
# - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
# - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
# - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
# - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
# - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
# # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
# # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
# - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
# - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
# - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
# - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
# - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
# - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
# # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
# - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
# - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
# - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
# - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
# - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
- ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
- ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
- ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
- ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
- ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
- ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
- ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
- ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
- ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
- ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
# - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
# - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
- ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
- ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
- ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
- ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
- ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
- ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
# - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
- ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
- ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
- ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
- ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
- ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
# # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
# - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
- ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
# - ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml


@ -1,58 +0,0 @@
package ArgParser
import(
"fmt"
"regexp"
"strconv"
"strings"
"log"
)
func ArgCheck(targetString string)(LegalValue string){
match, err := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9-]{4,15}$`, targetString)
if err != nil {
fmt.Println("参数不合规")
}
// fmt.Println(match)
LegalValue=strconv.FormatBool(match)
return LegalValue
}
//IP校验
func IPCheck(IP string)(matchResult string,List []string){
List = make([]string,0)
checkIP:=strconv.FormatBool(strings.Contains(IP, "/24"))
if checkIP =="true"{
//解析D段
matchResult,List=IPParserD(IP)
}else{
match, err := regexp.MatchString(`^((0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])\.){3}(0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])$`, IP)
if err != nil {
fmt.Println(IP," 不合法请修改")
}
// fmt.Println(match)
matchResult=strconv.FormatBool(match)
List=append(List,IP)
}
return matchResult,List
}
//D段解析
func IPParserD(IP string)(matchResult string,List []string){
List = make([]string,0)
IP=strings.TrimRight(IP, "0/24")
for i:=0;i<=255;i++{
vul:=strconv.Itoa(i)
IPVul:=IP+vul
match, err := regexp.MatchString(`^((0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])\.){3}(0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])$`, IPVul)
if err != nil {
fmt.Println(IPVul," 不合法请修改")
}
matchResult=strconv.FormatBool(match)
if matchResult=="true"{
List=append(List,IPVul)
}else{
log.Println("D段解析错误")
}
}
return matchResult,List
}


@ -1,275 +0,0 @@
package ArgParser
import(
"flag"
"fmt"
"main/genmai/Pool"
"main/genmai/RemoteCheck"
//"strings"
"strconv"
"log"
"main/genmai"
"main/tools/SSHExplosion"
"main/tools/FastScan"
)
var Num int
func ParameterParser(sSystem string,sKernel string,sWeb string,sBaseLine string,sAll string,PoolStatNum int,ParserNum int,Update string ,IP string,help string,OutPutJson string){
Request:=make(map[string]string)
var ipCheck string
ipList := make([]string,0)
Num=0
if sSystem!="false"{
if sSystem=="All" || sSystem=="all"{
Request["system"] = sSystem
Num=Num+1
}else{
//检测函数检测安全性
//单独检查某个项目
LegalSystem:=ArgCheck(sSystem)
if LegalSystem=="true"{
Request["system"] = sSystem
Num=Num+1
}else{
fmt.Println("system参数不合规")
}
}
}
if sKernel!="false"{
if sKernel=="All" || sKernel=="all"{
Request["kernel"] = sKernel
Num=Num+1
}else{
//检测函数检测安全性
//单独检查某个项目
LegalKernel:=ArgCheck(sKernel)
if LegalKernel=="true"{
Request["kernel"] = sKernel
Num=Num+1
}else{
fmt.Println("kernel参数不合规")
}
}
}
if sWeb!="false" && IP!="false"{
if sWeb=="All" || sWeb=="all"{
ipCheck,ipList=IPCheck(IP)
if ipCheck=="true"{
Request["web"] = sWeb
Num=Num+1
}else{
fmt.Println("IP参数不合规")
}
}else{
//检测函数检测安全性
//单独检查某个项目
LegalWeb:=ArgCheck(sWeb)
ipCheck,ipList=IPCheck(IP)
if ipCheck=="true"&&LegalWeb=="true"{
Request["web"] = sWeb
Num=Num+1
}else{
fmt.Println("参数不合规")
}
}
}else if sWeb!="false" && IP=="false"{
fmt.Println("请输入IP参数")
return
}else if sWeb=="false" && IP!="false"{
fmt.Println("请输入web参数")
return
}
if sBaseLine!="false"{
if sBaseLine=="All" || sBaseLine=="all"{
Request["baseline"] = sBaseLine
Num=Num+1
}else{
//检测函数检测安全性
//单独检查某个项目
LegalBaseline:=ArgCheck(sBaseLine)
if LegalBaseline=="true"{
Request["baseline"] = sBaseLine
Num=Num+1
}else{
fmt.Println("BaseLine参数不合规")
}
}
}
if sAll=="true"{
if sSystem=="false"&&sKernel=="false"&&sWeb=="false"&&sBaseLine=="false" {
Request["kernel"] = sKernel
Request["system"] = sSystem
Request["baseline"] = sBaseLine
}else{
fmt.Println("Only allow all")
return
}
}
if Update=="true"{
if sSystem=="false"&&sKernel=="false"&&sWeb=="false"&&sBaseLine=="false" {
fmt.Println("Updating...")
genmai.Update()
return
}else{
fmt.Println("The update process does not allow other processes")
return
}
}
if help=="true"{
flag.PrintDefaults()
}
if sSystem=="false"&&sKernel=="false"&&sWeb=="false"&&sBaseLine=="false"&&sAll!="true"&&Update!="true"&&help!="true"{
fmt.Println("err,Please enter parameters")
return
}
//协程最大值为200
if ParserNum<0 || ParserNum>500{
fmt.Println("协程最大值为0-500")
return
}else{
poolNum:=ParserNum
fmt.Println("info:Genmai enable default coprocess",poolNum)
}
Pool.CoprogramPool(Request,ipList,OutPutJson)
}
//远程参数解析
func RemoteArgParser(oldRemoteMap interface{})(){
RemoteMap:=oldRemoteMap.(map[string]string)
if RemoteMap["host"] !="false" && RemoteMap["user"] !="false" && RemoteMap["password"] !="false" && RemoteMap["port"] !="all"{
SSHHostCheck,list:=IPCheck(RemoteMap["host"])
if SSHHostCheck !="true"{
fmt.Println("host错误",list)
}else{
var RemoteArg []string
Host:=RemoteMap["host"]
Port:=RemoteMap["port"]
User:=RemoteMap["user"]
Password:=RemoteMap["password"]
PortInt ,err:=strconv.Atoi(Port)
if err!=nil{
fmt.Println(err)
}
if RemoteMap["kernel"]=="all" || RemoteMap["kernel"]=="All"{
RemoteArg =append(RemoteArg ,"kernel")
}
if RemoteMap["system"]=="all" || RemoteMap["system"]=="All"{
RemoteArg =append(RemoteArg,"system")
}
if RemoteMap["baseline"]=="all" || RemoteMap["baseline"]=="All"{
RemoteArg =append(RemoteArg,"baseline")
}
RemoteCheck.RemoteScan(Host,PortInt,User,Password,RemoteArg)
}
}
}
//弱口令模块参数解析
func WKPWD(WKPWD string ,PWDList []string){
PWD:=make(map[int]string)
j:=0
PWD[0] ="WeakPwdGeneration/WeakPwdGeneration" //文件名
if WKPWD=="true"{
for i:=0;i<len(PWDList);i++{
if PWDList[i]!="0" && i==0{
j=j+1
vul0:=" --CompanyName "+PWDList[0]
PWD[j]=vul0
}
if PWDList[i]!="0" && i==1{
j=j+1
vul1:=" --Name "+PWDList[1]
PWD[j]=vul1
}
if PWDList[i]!="0" && i==2{
j=j+1
vul2:=" --Nums "+PWDList[2]
PWD[j]=vul2
}
}
genmai.PythonParser(PWD)
fmt.Println("弱密码已生成")
}
return
}
//SSH爆破
func SSHBurst (SSHBurst string,SSHBurstList []string){
if SSHBurst =="true" {
if SSHBurstList[0]!="false"{
SSHHostCheck,list:=IPCheck(SSHBurstList[0])
if SSHHostCheck!="true"{
fmt.Println("SSH模块 host格式报错",list)
log.Println("SSH模块 host格式报错")
}else{
poolNums,err:= strconv.Atoi(SSHBurstList[1])
if err!=nil{
fmt.Println(err)
log.Println(err)
}else{
SSHExplosion.SshExp(list[:],poolNums)
}
}
}else{
fmt.Println("SSH爆破模块,参数使用错误,请添加host参数")
log.Println("SSH爆破模块,参数使用错误,请添加host参数")
}
}
return
}
//Nmap模块解析
func NmapScan(Nmap string, NmapScanList []string){
Map:=make(map[int]string)
Map[0]="Nmap/nmapScan"
if Nmap=="true"{
if NmapScanList[0]!="false"{
if NmapScanList[1]=="all"{
Map[1]=" -H "+NmapScanList[0]+" -p "+"0-65000"
genmai.PythonParser(Map)
}else{
Map[1]=" -H "+NmapScanList[0]+" -p "+NmapScanList[1]
genmai.PythonParser(Map)
}
fmt.Println("Nmap模块结束...")
}else{
fmt.Println("Nmap模块,参数使用错误,请添加host参数")
log.Println("Nmap模块,参数使用错误,请添加host参数")
}
}
return
}
func FofaApi(Fofa string,fofaCom string){
Map:=make(map[int]string)
Map[0]="Fofa/FofaApi"
if Fofa=="true"{
if fofaCom!="null"{
Map[1]=" -c "+fofaCom
genmai.PythonParser(Map)
}else{
fmt.Println("Fofa模块,参数使用错误,请添加fofaCom参数")
log.Println("Fofa模块,参数使用错误,请添加fofaCom参数")
}
fmt.Println("Fofa模块结束...")
}
return
}
func SystemFastScan(scan string){
if scan =="true"{
FastScan.GetdpkgInfo()
fmt.Println("版本匹配检测结束...")
}
return
}


@ -1,84 +0,0 @@
package Pool
import (
// "fmt"
// "main/genmai/Cache"
"sync"
"log"
"main/genmai"
)
func worker(OutPutJson string,task func(OutPutJson string), wg *sync.WaitGroup) {
defer wg.Done()
task(OutPutJson)
}
func kernel(OutPutJson string){
genmai.Kernel(OutPutJson)
}
func system(OutPutJson string){
genmai.System(OutPutJson)
}
func web(OutPutJson string){
genmai.Web(OutPutJson)
}
func baseline(OutPutJson string){
genmai.BaseLine(OutPutJson)
}
func CoprogramPool(Request map[string]string,ipList []string,OutPutJson string) {
var wg sync.WaitGroup
wg.Add(len(Request))
// 缓 存 获 取
// cache:=Cache.SiteCache()
if len(Request["kernel"]) > 0 {
//获 取 kernel 缓 存 值
// if kernel, found := cache.Get("kernel"); found {
// // My:=kernel
// kernelVul:=*(kernel.(*Cache.MyStruct))
// KernelTaskNums=len(kernelVul.Msg)
// }
go worker(OutPutJson,kernel,&wg)
}else{
log.Println("未加载kernel模块")
}
if len(Request["system"]) > 0 {
// if system, found := cache.Get("system"); found {
// systemVul:=*(system.(*Cache.MyStruct))
// // SystemTaskNums=len(systemVul.Msg)
// }
go worker(OutPutJson,system,&wg)
}else{
log.Println("未加载system模块")
}
if len(Request["web"]) > 0 && len(ipList)>0{
// if web, found := cache.Get("web"); found {
// webVul:=*(web.(*Cache.MyStruct))
// // WebTaskNums=len(webVul.Msg)
// }
go worker(OutPutJson,web,&wg)
}else{
log.Println("未加载web模块")
}
if len(Request["baseline"]) > 0 {
// if baseline, found := cache.Get("baseline"); found {
// baselineVul:=*(baseline.(*Cache.MyStruct))
// // BaseLineTaskNums=len(baselineVul.Msg)
// }
go worker(OutPutJson,baseline,&wg)
}else{
log.Println("未加载baseline模块")
}
wg.Wait()
}


@ -1 +0,0 @@
package Pool


@ -32,7 +32,9 @@ import (
"fmt"
"os"
"strings"
// "log"
"regexp"
"strconv"
"log"
)
var A_DEBUG_LEVEL int = 0
@ -106,3 +108,58 @@ GetSubfixFile(path string) string {
/* */
return path[index:]
}
////////////////////////////////////////////////////////////////
// Arg Security Check (SecCheck)
func
SecCheckArgs(targetString string) (LegalValue string) {
match, err := regexp.MatchString(`^[a-zA-Z][a-zA-Z0-9-]{4,15}$`, targetString)
if err != nil {
fmt.Println("参数不合规")
}
// fmt.Println(match)
LegalValue=strconv.FormatBool(match)
return LegalValue
}
//IP校验
func
SecCheckIP(IP string) (matchResult string,List []string) {
List = make([]string,0)
checkIP:=strconv.FormatBool(strings.Contains(IP, "/24"))
if checkIP =="true"{
//解析D段
matchResult,List=SecCheckIPForD(IP)
}else{
match, err := regexp.MatchString(`^((0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])\.){3}(0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])$`, IP)
if err != nil {
fmt.Println(IP," 不合法请修改")
}
// fmt.Println(match)
matchResult=strconv.FormatBool(match)
List=append(List,IP)
}
return matchResult,List
}
//D段解析
func
SecCheckIPForD(IP string) (matchResult string,List []string) {
List = make([]string,0)
IP=strings.TrimRight(IP, "0/24")
for i:=0;i<=255;i++{
vul:=strconv.Itoa(i)
IPVul:=IP+vul
match, err := regexp.MatchString(`^((0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])\.){3}(0|[1-9]\d?|1\d\d|2[0-4]\d|25[0-5])$`, IPVul)
if err != nil {
fmt.Println(IPVul," 不合法请修改")
}
matchResult=strconv.FormatBool(match)
if matchResult=="true"{
List=append(List,IPVul)
}else{
log.Println("D段解析错误")
}
}
return matchResult,List
}
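Review bot: In SecCheckIPForD, `strings.TrimRight(IP, "0/24")` treats its second argument as a set of characters rather than a suffix, so it strips every trailing `0`, `/`, `2` and `4`; an input whose last octet contains any other digit keeps that octet and then has 0–255 appended to it. The returned matchResult is also only the result of the final loop iteration, and SecCheckIP sends any string that merely contains `/24` down this path. I would require the suffix explicitly before expanding, `if !strings.HasSuffix(IP, ".0/24") { return "false", List }` followed by `IP = strings.TrimSuffix(IP, "0/24")`. Separately, the `err` from regexp.MatchString can only report a pattern compile failure, so the "不合法请修改" message on that branch is misleading; compiling the pattern once at package level with `regexp.MustCompile` would remove the branch altogether.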


@ -1,129 +0,0 @@
////////////////////////////////////////////////////////////////
//
// Filename: genmai.go
//
// Version: 1.0
// Created: 2022年10月26日 01时00分32秒
// Revision: none
// Compiler: go
//
// Author: alpha
// Organization: alpha
// Contacts: chenxinquan@kylinos.cn
//
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
// Description:
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
// Log:
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
// Todo:
//
////////////////////////////////////////////////////////////////
package genmai
import (
"fmt"
"encoding/json"
"os"
)
func SystemCreatFile(rp *ReportSystem,fileName string){
path:="../data/Report/"+"system_"+fileName+".json"
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func KernelCreatFile(rp *ReportKernel,fileName string){
path:="../data/Report/"+"sernel_:"+fileName+".json"
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func BaseLineCreatFile(rp *ReportBaseLine,fileName string){
path:="../data/Report/"+"baseline_"+fileName+".json"
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
func Kernel(OutPutJson string) {
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/KernelPocs/KernelPocs.yaml")
A_DEBUG_INFO(">>Genmai Kernel>>")
DoctorIns().GenmaiKernel()
}
func System(OutPutJson string) {
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/SystemPocs/SystemPocs.yaml")
A_DEBUG_INFO(">>Genmai System>>")
rp := DoctorIns().GenmaiSystem()
if len(rp.RCExploredVulns)==0{
fmt.Println("System info: No vulnerability")
}else if OutPutJson !="null"{
SystemCreatFile(rp,OutPutJson)
}
}
func Web(OutPutJson string) {
fmt.Println("web")
}
func BaseLine(OutPutJson string){
DoctorIns().Reset()
DoctorIns().LoadExplorersListConfig("../data/BaseLine/BaseLine.yaml")
A_DEBUG_INFO(">>Genmai BaseLine>>")
rp:=DoctorIns().GenmaiBaseline()
if len(rp.RCExploredVulns)==0{
fmt.Println("BaseLine info: No vulnerability")
}else if OutPutJson !="null"{
BaseLineCreatFile(rp,OutPutJson)
}
}

BIN
src/main

Binary file not shown.


@ -1,17 +1,22 @@
package main
import (
"main/genmai/ArgParser"
"main/genmai/FrameWorkCheck"
"flag"
"log"
"strconv"
"main/genmai/FrameWorkCheck"
"flag"
"log"
"strconv"
"fmt"
"encoding/json"
"os"
genmai "main/genmai"
"main/tools/SSHExplosion"
"main/tools/FastScan"
"main/genmai/RemoteCheck"
// gcon "main/gconsole"
)
type Vul struct{
ParserNum int //协程数
type Args struct{
ParserNum int //协程数
System string //执行系统漏洞检测
Web string //Web漏洞检测
Kernel string //内核漏洞检测
@ -64,17 +69,17 @@ func main(){
// return
var vul Vul //定义vul
var args Args //定义vul
var RAV RAVUL
var WKV WKPWDVUL
var FC FofaCommand
vul.PoolStatNum =0
args.PoolStatNum =0
//开始日志打印日志
genmai.LogInit()
//检测系统架构
frameWork:=FrameWorkCheck.FwCheck()
frameWork := FrameWorkCheck.FwCheck()
if len(frameWork) > 0{
log.Println("frameWork sure")
}else{
@ -84,98 +89,513 @@ func main(){
Help := flag.Bool("help", false,"")
//识别参数,执行模块
flag.IntVar(&vul.ParserNum, "poolNums", 100, "设置协程的数量默认数量为0最大数量为1000")
flag.StringVar(&vul.Web, "web", "false", "使用web漏洞的验证模块可联合其他模块使用")
flag.StringVar(&vul.IP, "ip", "false", "设置ip可设置ip段进行验证")
flag.StringVar(&vul.System, "system", "false", "使用系统漏洞的验证模块,可联合其他模块使用")
flag.StringVar(&vul.Kernel, "kernel", "false", "使用内核漏洞的验证模块,可联合其他模块使用")
flag.StringVar(&vul.BaseLine, "baseline", "false", "使用基线检测模块,可联合其他模块使用")
flag.IntVar(&args.ParserNum, "poolNums", 100,
"设置协程的数量默认数量为0最大数量为1000")
flag.StringVar(&args.Web, "web", "false",
"使用web漏洞的验证模块可联合其他模块使用")
flag.StringVar(&args.IP, "ip", "false",
"设置ip可设置ip段进行验证")
flag.StringVar(&args.System, "system", "false",
"使用系统漏洞的验证模块,可联合其他模块使用")
flag.StringVar(&args.Kernel, "kernel", "false",
"使用内核漏洞的验证模块,可联合其他模块使用")
flag.StringVar(&args.BaseLine, "baseline", "false",
"使用基线检测模块,可联合其他模块使用")
//远程模块参数
RA := flag.Bool("RA", false, "使用远程检测,只能单独使用模块")
RA := flag.Bool("RA", false,
"使用远程检测,只能单独使用模块")
flag.StringVar(&RAV.Host, "host", "false", "IP")
flag.StringVar(&RAV.Port, "port", "all", "端口")
flag.StringVar(&RAV.User, "user", "false", "用户名")
flag.StringVar(&RAV.Password, "passwd", "false", "远程登录密码")
//弱密码生成模块
WK := flag.Bool("WKPWD", false, "使用弱口令生成器模块,选用参数CPN,Name,Nums")
WK := flag.Bool("WKPWD", false,
"使用弱口令生成器模块,选用参数CPN,Name,Nums")
flag.StringVar(&WKV.CompanyName, "CPN", "0", "设置特定公司名")
flag.StringVar(&WKV.Name, "Name", "0", "设置姓名")
flag.StringVar(&WKV.Nums, "Nums", "0", "设置特殊数字(如年份)")
// SSH爆破模块
SSHB:= flag.Bool("SSHBurst", false, "使用SSH爆破,必用参数host,选用参数poolNums")
SSHB := flag.Bool("SSHBurst", false,
"使用SSH爆破,必用参数host,选用参数poolNums")
// Nmap模块
NmapScan:= flag.Bool("Nmap",false,"使用Nmap模块进行扫描,必用参数host,选用参数port")
NmapScan := flag.Bool("Nmap",false,
"使用Nmap模块进行扫描,必用参数host,选用参数port")
// Fofa模块
Fofa:=flag.Bool("Fofa",false,"Fofa探测,必用参数FofaCom")
Fofa := flag.Bool("Fofa",false,
"Fofa探测,必用参数FofaCom")
flag.StringVar(&FC.FofaCom, "fofaCom", "null", "设置特定公司名")
//版本匹配,快速扫描
FastScan := flag.Bool("FastScan", false, "版本匹配,快速检测漏洞")
//输出json格式文件
flag.StringVar(&vul.OutPutJson, "OutPutJson", "null", "将漏洞扫描模块输出结果转成json文件")
flag.StringVar(&args.OutPutJson, "OutPutJson", "null",
"将漏洞扫描模块输出结果转成json文件")
//
All := flag.Bool("all", false, "只扫描system,kernel的所有poc以及检测baselin模块不可联合其他参数使用")
All := flag.Bool("all", false,
"只扫描system,kernel的所有poc以及检测baselin模块不可联合其他参数使用")
Update := flag.Bool("update", false, "更新程序到最新版本,不可联合其他参数使用")
Update := flag.Bool("update", false,
"更新程序到最新版本,不可联合其他参数使用")
//flag解析
flag.Parse()
//将插件模块的值存放到数组中
PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums}
poolNums:=strconv.Itoa(vul.ParserNum)
SSHBurstList :=[...]string{RAV.Host,poolNums}
NmapScanList :=[...]string{RAV.Host,RAV.Port}
//PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums}
//poolNums := strconv.Itoa(args.ParserNum)
// SSHBurstList :=[...]string{RAV.Host,poolNums}
// NmapScanList :=[...]string{RAV.Host,RAV.Port}
//初始化bool值
sAll :=strconv.FormatBool(*All)
vul.Update=strconv.FormatBool(*Update)
vul.RemoteAssessment=strconv.FormatBool(*RA)
vul.WKPWD=strconv.FormatBool(*WK)
help:=strconv.FormatBool(*Help)
vul.SSHBurst =strconv.FormatBool(*SSHB)
vul.Nmap = strconv.FormatBool(*NmapScan)
vul.Fofa = strconv.FormatBool(*Fofa)
vul.FastScan = strconv.FormatBool(*FastScan)
sAll := strconv.FormatBool(*All)
args.Update=strconv.FormatBool(*Update)
args.RemoteAssessment=strconv.FormatBool(*RA)
args.WKPWD=strconv.FormatBool(*WK)
help := strconv.FormatBool(*Help)
args.SSHBurst =strconv.FormatBool(*SSHB)
args.Nmap = strconv.FormatBool(*NmapScan)
args.Fofa = strconv.FormatBool(*Fofa)
args.FastScan = strconv.FormatBool(*FastScan)
//输出格式选择
// if vul.OutPutJson =="null"{
// if args.OutPutJson =="null"{
// fmt.Printf("%c[%d;%d;%dm%s%c[0m\n", 0x1B, 0, 0, 33, "Warn: No output format specified , please enter", 0x1B)
// }else{
// var OutPutJson string ="true"
// fmt.Println(vul.OutPutJson)
// fmt.Println(args.OutPutJson)
// return
// }
if (args.System=="false" &&
args.Kernel=="false" &&
args.Web=="false" &&
args.BaseLine=="false" &&
args.Update!="true" &&
sAll!="true" &&
help!="true" ) {
fmt.Println("err,Please enter parameters")
return
}
//协程最大值为200
if args.ParserNum<0 || args.ParserNum>500{
fmt.Println("协程最大值为0-500")
return
}else{
poolNum:= args.ParserNum
fmt.Println("info:Genmai enable default coprocess",poolNum)
}
// Help
if help=="true"{
flag.PrintDefaults()
}
emmit(args, RAV, WKV, FC)
return
}
func emmit(args Args, RAV RAVUL, WKV WKPWDVUL, FC FofaCommand) {
poolNums := strconv.Itoa(args.ParserNum)
//是否开启远程检测
if vul.RemoteAssessment=="true"{
if args.RemoteAssessment=="true"{
var RemoteMap map[string]string
RemoteMap= make(map[string]string)
RemoteMap["host"]= RAV.Host
RemoteMap["port"]= RAV.Port
RemoteMap["user"]= RAV.User
RemoteMap["password"]= RAV.Password
RemoteMap["system"]= vul.System
RemoteMap["kernel"]= vul.Kernel
RemoteMap["baseline"]= vul.BaseLine
ArgParser.RemoteArgParser(RemoteMap)
RemoteMap["system"]= args.System
RemoteMap["kernel"]= args.Kernel
RemoteMap["baseline"]= args.BaseLine
genmaiRemote(RemoteMap)
}else{
ArgParser.WKPWD(vul.WKPWD,PWDList[:])
ArgParser.SSHBurst(vul.SSHBurst,SSHBurstList[:])
ArgParser.NmapScan(vul.Nmap, NmapScanList[:])
ArgParser.FofaApi(vul.Fofa,FC.FofaCom)
ArgParser.SystemFastScan(vul.FastScan)
ArgParser.ParameterParser(vul.System,vul.Kernel,vul.Web,vul.BaseLine,sAll,vul.PoolStatNum,vul.ParserNum,vul.Update,vul.IP,help,vul.OutPutJson)
///////////////////////////////
// 基础模块
// System
if ("false" != args.System) {
genmaiSystem(args)
} // if ("flase ...
// Kernel
if ("false" != args.Kernel) {
genmaiKernel(args)
} // if ("flase ...
// Web
if args.Web!="false" && args.IP!="false"{
genmaiWeb(args)
}else if args.Web!="false" && args.IP=="false"{
fmt.Println("请输入IP参数")
return
}else if args.Web=="false" && args.IP!="false"{
fmt.Println("请输入web参数")
return
}
// BaseLine
if args.BaseLine!="false"{
genmaiBaseLine(args)
}
// 基础模块
///////////////////////////////
// ArgParser.WKPWD(args.WKPWD,PWDList[:])
if ("true" == args.WKPWD) {
//将插件模块的值存放到数组中
PWDList :=[...]string{WKV.CompanyName,WKV.Name,WKV.Nums}
genmaiWKPWD(args.WKPWD, PWDList[:]);
} // if ("true ...
// ArgParser.SSHBurst(args.SSHBurst,SSHBurstList[:])
if ("true" == args.SSHBurst) {
//将插件模块的值存放到数组中
SSHBurstList :=[...]string{RAV.Host,poolNums}
genmaiSSHBurst(args.SSHBurst,SSHBurstList[:])
} // if ("true ...
// ArgParser.NmapScan(args.Nmap, NmapScanList[:])
if ("true" == args.Nmap) {
NmapScanList :=[...]string{RAV.Host,RAV.Port}
genmaiNmapScan(args.Nmap, NmapScanList[:])
} // if ("true ...
// ArgParser.FofaApi(args.Fofa,FC.FofaCom)
if ("true" == args.Fofa) {
genmaiFofaApi(args.Fofa,FC.FofaCom)
}
if ("true" == args.FastScan) {
genmaiSystemFastScan(args.FastScan)
}
} // if args.RemoteAssessment=="true" ... else ...
}
////////////////////////////////////////////////////////////////
// genmai plug-in modules
////////////////////////////////////////////////////////////////
// 基础模块
func
genmaiSystem(args Args) {
createfile_fun := func (rp *genmai.ReportSystem,
fileName string ) {
path:="../data/Report/"+"system_"+fileName+".json"
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
} // createfile_fun
fun := func (jout string) {
genmai.DoctorIns().Reset()
genmai.DoctorIns().LoadExplorersListConfig("../data/SystemPocs/SystemPocs.yaml")
genmai.A_DEBUG_INFO(">>Genmai System>>")
rp := genmai.DoctorIns().GenmaiSystem()
if len(rp.RCExploredVulns)==0{
fmt.Println("System info: No vulnerability")
}else if jout !="null"{
createfile_fun(rp,jout)
}
}
if args.System=="All" || args.System=="all"{
fun(args.OutPutJson)
}else{
//检测函数检测安全性
//单独检查某个项目
LegalSystem:=genmai.SecCheckArgs(args.System)
if LegalSystem=="true"{
fun(args.OutPutJson)
}else{
fmt.Println("system参数不合规")
}
}
}
func
genmaiKernel(args Args) {
// createfile_fun := func (rp *genmai.ReportKernel,fileName string) {
// path:="../data/Report/"+"sernel_:"+fileName+".json"
// file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
// if err != nil {
// fmt.Println("open file failed,err:",err)
// return
// }
//
// defer file.Close()
// jsonVul, err := json.MarshalIndent(rp, "", " ")
// if err != nil {
// fmt.Println("json err ", err)
// }
// file.Write([]byte(jsonVul)) //写入字节切片数据
// }
fun := func (jout string) {
genmai.DoctorIns().Reset()
genmai.DoctorIns().LoadExplorersListConfig("../data/KernelPocs/KernelPocs.yaml")
genmai.A_DEBUG_INFO(">>Genmai Kernel>>")
genmai.DoctorIns().GenmaiKernel()
}
if args.Kernel=="All" || args.Kernel=="all"{
fun(args.OutPutJson)
}else{
//检测函数检测安全性
//单独检查某个项目
LegalKernel:=genmai.SecCheckArgs(args.Kernel)
if LegalKernel=="true"{
fun(args.OutPutJson)
}else{
fmt.Println("kernel参数不合规")
}
}
}
func
genmaiWeb(args Args) {
var ipCheck string
// ipList := make([]string,0)
if args.Web=="All" || args.Web=="all"{
ipCheck,_=genmai.SecCheckIP(args.IP)
if ipCheck=="true"{
//Request["web"] = args.Web
//Num=Num+1
}else{
fmt.Println("IP参数不合规")
}
}else{
//检测函数检测安全性
//单独检查某个项目
LegalWeb:=genmai.SecCheckArgs(args.Web)
ipCheck,_=genmai.SecCheckIP(args.IP)
if ipCheck=="true"&&LegalWeb=="true"{
//Request["web"] = args.Web
//Num=Num+1
}else{
fmt.Println("参数不合规")
}
}
}
func
genmaiBaseLine(args Args) {
createfile_fun := func (rp *genmai.ReportBaseLine, fileName string){
path:="../data/Report/"+"baseline_"+fileName+".json"
file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
if err != nil {
fmt.Println("open file failed,err:",err)
return
}
defer file.Close()
jsonVul, err := json.MarshalIndent(rp, "", " ")
if err != nil {
fmt.Println("json err ", err)
}
file.Write([]byte(jsonVul)) //写入字节切片数据
}
fun := func (jout string) {
genmai.DoctorIns().Reset()
genmai.DoctorIns().LoadExplorersListConfig("../data/BaseLine/BaseLine.yaml")
genmai.A_DEBUG_INFO(">>Genmai BaseLine>>")
rp:=genmai.DoctorIns().GenmaiBaseline()
if len(rp.RCExploredVulns)==0{
fmt.Println("BaseLine info: No vulnerability")
}else if jout !="null"{
createfile_fun(rp,jout)
}
} // fun
if args.BaseLine=="All" || args.BaseLine=="all"{
fun(args.OutPutJson)
}else{
//检测函数检测安全性
//单独检查某个项目
LegalBaseline:=genmai.SecCheckArgs(args.BaseLine)
if LegalBaseline=="true"{
fun(args.OutPutJson)
}else{
fmt.Println("BaseLine参数不合规")
}
}
}
//远程参数解析
func genmaiRemote(oldRemoteMap interface{})(){
RemoteMap:=oldRemoteMap.(map[string]string)
if RemoteMap["host"] !="false" && RemoteMap["user"] !="false" && RemoteMap["password"] !="false" && RemoteMap["port"] !="all"{
SSHHostCheck,list:=genmai.SecCheckIP(RemoteMap["host"])
if SSHHostCheck !="true"{
fmt.Println("host错误",list)
}else{
var RemoteArg []string
Host:=RemoteMap["host"]
Port:=RemoteMap["port"]
User:=RemoteMap["user"]
Password:=RemoteMap["password"]
PortInt ,err:=strconv.Atoi(Port)
if err!=nil{
fmt.Println(err)
}
if RemoteMap["kernel"]=="all" || RemoteMap["kernel"]=="All"{
RemoteArg =append(RemoteArg ,"kernel")
}
if RemoteMap["system"]=="all" || RemoteMap["system"]=="All"{
RemoteArg =append(RemoteArg,"system")
}
if RemoteMap["baseline"]=="all" || RemoteMap["baseline"]=="All"{
RemoteArg =append(RemoteArg,"baseline")
}
RemoteCheck.RemoteScan(Host,PortInt,User,Password,RemoteArg)
}
}
}
// 基础模块
////////////////////////////////////////////////////////////////
///////////////////////////////
//弱口令模块
func
genmaiWKPWD(WKPWD string ,PWDList []string) {
PWD:=make(map[int]string)
j:=0
PWD[0] ="WeakPwdGeneration/WeakPwdGeneration" //文件名
for i:=0;i<len(PWDList);i++{
if PWDList[i]!="0" && i==0{
j=j+1
vul0:=" --CompanyName "+PWDList[0]
PWD[j]=vul0
}
if PWDList[i]!="0" && i==1{
j=j+1
vul1:=" --Name "+PWDList[1]
PWD[j]=vul1
}
if PWDList[i]!="0" && i==2{
j=j+1
vul2:=" --Nums "+PWDList[2]
PWD[j]=vul2
}
} // for i:= ...
genmai.PythonParser(PWD)
fmt.Println("弱密码已生成")
return
}
///////////////////////////////
//SSH爆破
func
genmaiSSHBurst(SSHBurst string,SSHBurstList []string) {
if SSHBurstList[0]!="false"{
SSHHostCheck,list := genmai.SecCheckIP(SSHBurstList[0])
if SSHHostCheck!="true"{
fmt.Println("SSH模块 host格式报错",list)
log.Println("SSH模块 host格式报错")
}else{
poolNums,err:= strconv.Atoi(SSHBurstList[1])
if err!=nil{
fmt.Println(err)
log.Println(err)
}else{
SSHExplosion.SshExp(list[:],poolNums)
}
}
}else{
fmt.Println("SSH爆破模块,参数使用错误,请添加host参数")
log.Println("SSH爆破模块,参数使用错误,请添加host参数")
} // if SSHBurstList ... else ...
return
}
///////////////////////////////
//Nmap模块解析
func
genmaiNmapScan(Nmap string, NmapScanList []string) {
Map:=make(map[int]string)
Map[0]="Nmap/nmapScan"
if NmapScanList[0]!="false"{
if NmapScanList[1]=="all"{
Map[1]=" -H "+NmapScanList[0]+" -p "+"0-65000"
genmai.PythonParser(Map)
}else{
Map[1]=" -H "+NmapScanList[0]+" -p "+NmapScanList[1]
genmai.PythonParser(Map)
}
fmt.Println("Nmap模块结束...")
}else{
fmt.Println("Nmap模块,参数使用错误,请添加host参数")
log.Println("Nmap模块,参数使用错误,请添加host参数")
}
return
}
///////////////////////////////
// Fofa模块解析
func
genmaiFofaApi(Fofa string,fofaCom string) {
Map:=make(map[int]string)
Map[0]="Fofa/FofaApi"
if fofaCom!="null"{
Map[1]=" -c "+fofaCom
genmai.PythonParser(Map)
}else{
fmt.Println("Fofa模块,参数使用错误,请添加fofaCom参数")
log.Println("Fofa模块,参数使用错误,请添加fofaCom参数")
}
fmt.Println("Fofa模块结束...")
return
}
///////////////////////////////
// 快扫模块
func
genmaiSystemFastScan(scan string) {
FastScan.GetdpkgInfo()
fmt.Println("版本匹配检测结束...")
return
}
// genmai plug-in modules
////////////////////////////////////////////////////////////////
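Review bot: genmaiNmapScan splices the `-host` and `-port` flag values straight into the argument string handed to genmai.PythonParser (`" -H "+NmapScanList[0]+" -p "+NmapScanList[1]`) with no validation, and genmaiFofaApi and genmaiWKPWD do the same with `-fofaCom`, `-CPN`, `-Name` and `-Nums`. PythonParser is not visible in this commit, but if it builds a command line from these strings, whitespace or shell metacharacters in a flag value would turn into extra arguments or commands. genmaiSSHBurst already checks its host with SecCheckIP, and the same guard fits here: `if ok, _ := genmai.SecCheckIP(NmapScanList[0]); ok != "true" { return }`, plus a digits-and-dash check on the port and an allow-list pattern for the other values. The `-OutPutJson` value is likewise concatenated into the report path in genmaiSystem and genmaiBaseLine without a check, so it should be restricted to a plain file name before `os.OpenFile` is called.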

1
src/stereo Symbolic link

@ -0,0 +1 @@
/etc
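Review bot: The new entry src/stereo is a symbolic link whose target is the absolute path `/etc`, which points outside the repository and resolves to whatever the checkout machine has there. Anything that follows links while walking src/ (packaging, a recursive copy, a file scanner) will descend into the system configuration directory. Nothing in the visible code references src/stereo, so this looks like an accidental add; I would drop the link from the commit, or if it is needed, point it at a directory inside the tree with a relative target and state its purpose in the commit message.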